Data encryption
In an e-commerce site, you process sensitive information, such as customer credit card numbers and user profile information. Commerce Server recommends using these methods to encrypt data to protect this information:
- Use of Secure Sockets Layer (SSL) to encrypt non-profile data. SSL is a scheme that lets protocols such as HTTP transmit data in a secure manner.
- Use of profile encryption keys to encrypt profile data. For more information, go to How to configure encryption keys for Profiles System data.
- Use of Transparent Data Encryption from SQL Server to encrypt the content of the log and data files of the databases. If this feature is enabled, anyone who gets a copy of your databases will be unable to read it. For more information on Transparent Data Encryption, go to: https://msdn.microsoft.com/en-ca/library/bb934049.aspx.
- Encrypt the database connection between the website and databases by enabling Encrypted Connections in SQL Server. For more information on Encrypted Connections, go to: https://msdn.microsoft.com/en-ca/library/ms191192(v=sql.120).aspx
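
The following T-SQL is an added example, not part of the Commerce Server documentation. It enables Transparent Data Encryption on one database and then checks that both the database files and the client connections are actually encrypted. The database name `YourCommerceDb`, the certificate name `TdeCert`, the passwords and the backup paths are placeholders.

```sql
-- Added example. Names, passwords and paths are placeholders.
USE master;
GO
-- 1. TDE key hierarchy: master key -> server certificate -> database encryption key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong-password-placeholder>';
CREATE CERTIFICATE TdeCert WITH SUBJECT = 'TDE certificate (placeholder)';
GO
-- 2. Back up the certificate and its private key before encrypting anything.
--    Without them an encrypted backup cannot be restored on another server.
BACKUP CERTIFICATE TdeCert
    TO FILE = '<backup-path>\TdeCert.cer'
    WITH PRIVATE KEY (
        FILE = '<backup-path>\TdeCert.pvk',
        ENCRYPTION BY PASSWORD = '<second-strong-password-placeholder>');
GO
-- 3. Create the database encryption key and turn encryption on.
USE [YourCommerceDb];
GO
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TdeCert;
GO
ALTER DATABASE [YourCommerceDb] SET ENCRYPTION ON;
GO
-- 4. Verify TDE. encryption_state 2 = encryption in progress, 3 = encrypted.
SELECT DB_NAME(database_id) AS database_name,
       encryption_state,
       percent_complete,
       key_algorithm,
       key_length
FROM sys.dm_database_encryption_keys;

-- 5. Verify Encrypted Connections: list sessions that are NOT encrypted.
--    net_transport shows how each session connected (TCP, Shared memory, ...).
SELECT c.session_id,
       s.login_name,
       s.host_name,
       s.program_name,
       c.net_transport,
       c.encrypt_option
FROM sys.dm_exec_connections AS c
JOIN sys.dm_exec_sessions   AS s ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE';
```

If the last query returns rows for the website's login over TCP, the site is still connecting without encryption even though the feature has been configured on the server.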